Information on the processing and protection of personal data – GDPR
The company HONTER CZ s.r.o., ID: 17929610, registered office at Plynární 1617/10,
Prague 7, 170 00, registered in the commercial register maintained by the Municipal Court in Prague, section C, insert 378826 as the operator of the website www.honter.cz (hereinafter referred to as the „administrator“) declares that all personal data is handled in accordance with by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (General Regulation on the Protection of Personal Data) (hereinafter just „GDPR regulation“) and in accordance with Act No. 101/2000 Coll., on the protection of personal data and on the amendment of certain laws, as amended.
The data controller provides the following information to the customer as a data subject:
1. Identity and contact details of the administrator.
HONTER CZ s.r.o.
Headquartered at Plynární 1617/10, 170 00 Prague 7
2. Categories of personal data processed.
The controller processes the following categories of personal data:
Contact details – name and surname, e-mail address, postal (delivery) address, billing address, telephone number, bank account, VAT number (natural persons).
Demographics – country and preferred language.
Order/request data – order/request history, purchased/requested goods, services and products, payment method and payment information, customer segment, personal settings (preferences), including marketing settings
Social media information, including identity/login information and any information from your publicly posted posts about our company or your communications with us.
The controller also processes data from communications between the controller and the customer and records of activity on websites managed by the controller, including device identification number and network access, cookies, IP addresses, referrer headers, data identifying your internet browser and its version, as well as web beacons and tags.
3. Purpose and legal reason for processing personal data.
The purpose of processing personal data is the proper performance of the contract and other obligations imposed by generally binding legal regulations.
The processing of the customer’s personal data is necessary for the fulfilment of the legal obligations of the controller under generally binding legal regulations, in particular under Act No. 89/2012 Coll., the Civil Code.
The processing of the customer’s personal data is necessary for the purpose of entering into a contract for work or any other contract or agreement in connection with the performance of the controller, as well as in connection with the performance of such contract or agreement and for the purpose of asserting claims thereunder.
The processing of the customer’s personal data is necessary for the exercise of the legitimate interests of the controller. Legitimate interests include, in particular, customer support, communication, service improvement, system protection and security, fraud prevention and dispute resolution.
The controller does not intend to further process the personal data for any purpose other than that for which it was collected.
4. Period of processing of personal data
Data from communication between the controller and the customer and records of activity on the website are processed for a period of 5 years.
The personal data of the customer contained in the accounting documents issued by the administrator are processed in accordance with Act No. 235/2004 Coll., on value added tax for a period of 10 years from the end of the tax period in which the documents were issued.
In other cases, the controller shall process the customer’s personal data for the time necessary to ensure all rights and fulfil all obligations arising from the contract in question or other claims arising from these contracts. In addition, the controller shall process the customer’s personal data for the period for which it is obliged to retain them under generally binding legal regulations.
5. Categories of recipients of personal data
The customer’s personal data will be passed on to third parties – processors only if this is necessary for the proper performance of contractual obligations under the contract in question, on the basis of the legitimate interest of the controller, or if the customer has consented to this in advance.
The transfer of personal data to the controller’s subcontractors, payment service providers for the purpose of payment processing and banks, as well as to carriers for the purpose of delivery of the object of purchase and other service providers involved in data processing are deemed necessary for the proper performance of contractual obligations.
On the basis of the legitimate interest of the controller, personal data may be transmitted in particular to administrative, judicial and other public authorities.
The controller shall only transfer personal data to third parties that have taken all technical, organisational and other measures to prevent unauthorised or accidental access to, alteration, destruction, loss or other unauthorised use of personal data. Personal data may be processed on the basis of a contractual relationship by third parties, namely accounting firms, tax advisors, attorneys, information system providers, auditors, selected subcontractors. These persons are bound by confidentiality.
The controller does not intend to transfer personal data to third countries.
6. Security of personal data.
The controller has in place appropriate, regularly updated and revised technical, organisational and other measures to prevent unauthorised or accidental access to, alteration, destruction, loss or other unauthorised use of personal data.
7. Rights of the data subject.
The customer, as a data subject, has the following rights against the controller:
Right of access to personal data
The customer has the right to obtain confirmation from the controller as to whether or not the personal data relating to him/her are processed and, if so, the right to access such personal data and other information pursuant to Article 15 of the GDPR.
Right to repair
According to Article 16 of the GDPR, the customer has the right to have the controller correct inaccurate personal data concerning him/her and complete incomplete personal data without undue justification.
Right to erasure
The customer has the right to have the controller delete the personal data concerning the subject without undue delay under the conditions of Article 17 of the GDPR, in particular if they are no longer necessary for the purposes for which they were collected. This right also fulfils the so-called right to be forgotten.
Right to restriction of processing
The customer has the right to have the controller restrict the processing of their personal data in any of the cases listed in Article 18 of the GDPR.
Právo odvolat souhlas se zpracováním osobních údajů
Where the controller processes personal data on the basis of Article 6(1)(a) or Article 9(2)(a) of the GDPR, the customer has the right to withdraw his consent to the processing of personal data at any time, without prejudice to the lawfulness of the processing based on the consent given prior to his withdrawal.
Right to data portability
Within the meaning and under the conditions set out in Article 20 of the GDPR, the customer has the right to obtain from the controller the personal data concerning him or her in a structured, commonly used and machine-readable format and the right to transfer such data to another controller without hindrance from the original controller.
Right to object
The customer has the right, within the meaning and under the conditions set out in Article 21 of the GDPR, to object to the processing of personal data on the basis of processing that is based on the legitimate interests of the controller or is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Right to lodge a complaint
The customer is entitled to lodge a complaint with the supervisory authority in connection with the processing of his/her personal data within the meaning of Article 77 of the GDPR. The Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague, supervises compliance with the obligations in processing personal data. More information on the rights of data subjects is available on the website of the Office for Personal Data Protection (https://www.uoou.cz/6-prava-subjektu-udaj/d-27276).
8. Automated decision-making, including profiling.
The controller shall not carry out fully automated decision-making, including profiling, which would have legal effects on the customer or significantly affect the customer in a similar way.
9. Webové stránky
The website www.honter.cz operated by the administrator uses so-called cookies. Cookies are short text files that the website stores in the browser of the customer’s electronic device. The purpose of these files is to record information about the customer’s visit to the website and to subsequently optimize the functioning of the website for the customer. The customer is hereby informed of the fact that cookies are able to collect information about the visit to the website and subsequently use this information to display personalised advertisements. However, this data is not capable of identifying the website visitor.
The www.izolace.honter.cz website operated by the Controller contains links to other websites which may be owned and operated by third parties with different security and privacy policies. The Controller is not responsible for any content and handling of personal data on linked websites.
11. Provision of personal data for marketing purposes
Commercial communications may be sent to the email address or telephone number, as this procedure is permitted by the provisions of Section 7(3) of Act No. 480/2004 Coll., on Information Society Services, unless the customer rejects it. The email address will be processed by the controller for this purpose for a period of 5 years from the last visit to the www.honter.cz website.
In the case of consent provided by the customer, such consent is provided voluntarily and the customer is entitled to withdraw it at any time, in writing to the headquarters of the administrator or by e-mail to the above e-mail address. In this case, the customer will no longer be the recipient of the marketing services of the controller.
This privacy notice is valid from 25 May 2018.